{ "Request": { "MechType": { "Mechanism": "SPNEGO", "Oid": "1.3.6.1.5.5.2" }, "NegotiationToken": { "MechTypes": [ { "Mechanism": "Kerberos V5 Legacy", "Oid": "1.2.840.48018.1.2.2" }, { "Mechanism": "Kerberos V5", "Oid": "1.2.840.113554.1.2.2" }, { "Mechanism": "NegoEx", "Oid": "1.3.6.1.4.1.311.2.2.30" }, { "Mechanism": "NTLM", "Oid": "1.3.6.1.4.1.311.2.2.10" } ], "MechToken": { "NegotiateExtension": null, "ThisMech": { "Mechanism": "Kerberos V5", "Oid": "1.2.840.113554.1.2.2" }, "InnerContextToken": { "ProtocolVersionNumber": 5, "MessageType": "KRB_AP_REQ", "APOptions": "MUTUAL_REQUIRED", "Ticket": { "TicketVersionNumber": 5, "Realm": "TEST.LOCAL", "SName": { "Realm": "TEST.LOCAL", "Names": [ "HTTP/monsite.test.local" ], "NameType": "NT_SRV_INST" }, "EncPart": { "EType": "AES256_CTS_HMAC_SHA1_96", "KeyVersionNumber": 4, "Cipher": "boOxv7rKLMq2BCWOBaumyimbb8ZrwsaOfI1CYdzDZBLF3mygdrdgpoEbx4nLxj9KbPVBlSWhAXT8bb0HBFVLOqzbYR4omNMzgC4mCD6MR/D/LXuNYv/4+G8Hg5qmaJTXeF6H3nfouPZF2y34gDhJTvQT9cYdihT6NOrFsm6EMScxwDnyTcFcH83AvO9rgtEini1C8kf3WTF0N6SHSgCvSeenGDpNvzqMy+rsfkd4iVDh/P546WV5IDsPAOYSO/FJxIJ4J/p8MicxD4AWlkhIl0LK5x9hagh6GmSUVOMxECnrZj2dcwAJYZe9xQWXI9oE4t+iLcwrx9Kgi3kvxzslRCyXSJrRQ1OX3mnMOEKD6Y2d+/3AwA1lIlljmwgF0gitcPBD2G9SpPVEUdxik8SugNC9DE2/z7Lf0tbvKuSmGHLNEQfeZRa9TLS7CUdBYKqheYMyP2JWzyCuOsINWcH/6sXkV4QEP+uxTJw+PegN2xPH7WXJ2D5EpTZOSFBSKesJWMFAr9hRQcr4h+LcCJKO1kxODfV4ctDPWs/WvdECTD7Ft+jYDCRLV8Ug8SUv+B4YF5bgTMarrAfpm2JZqJwTBcbWTppBRaSamgSkoj4HVfbQT4Z8p8dQtSq7MJpL9KZOzUJ50yZqij+2fh2o2a0R873ZKTa+bK78BlrhIWWoIOjGeDPxSzzk3vxeh0c7Yp1fMLhpNPUNF5CdTjjdzaes15+QmFQEfNj/5m9valxm6Gkf3U7jyKEhBT++OXlnQYfaiZ8NZDj1FaRrHViGGqeyeOXJQ4NqsEqYEBNxs2TBW1YsGRKTzuOCiZwi4aQunDUmPbbPdZhA87CWE9Nn4lrGctzSatLqahetXGLw02OUIO9x1ztJov9GPMWaxLLTHhiyQ8/Unbbqt5Q9Rh8iluaVMjYtbyuTzw+lHt4AiQRk8WW+7dtl//uQChaCmY8VEdUEl9oHo7rFWiZOiVHTkgQ3eW32fvTgq3xF2ZtLANvPrWosyYUzmEOKWVcztoWLFmwDSLk/HMbFsw0Z5Ckf1O9s1S6irs3ItTukpuo1AbUAHPmThDB7WJagzMcijDFnpvp2QusgLnBffxfxCeH00gQnjK1D64/sdtaIY4T8AcNAWrBrUvUIQg2WhX0JosN+yX6R2W0BVFM5svbChm9tlpKZPl4Ve9/tPfirLAJR+xmEcOnYVLJiVvw0TW+Bkn7n5oZIvbjogQrS4MsSBAYhU1txGD+iaj15GV63cEkyoVA+oWhTrfi5DAXNkpBjfkPQBdOV6OsxYbaZXUEOZelwkq8GK+S1yyDSBp2rATHsHpZ2ErGfpX/3uC5R6wrVQNv/RYWTrtEjIdZRgboh7lVhLLQhVVw+/9c7kaHvMFyn4daiTWtOeCSmpFQOlxl0R12zgrRpHwznm5dYwK6yKCQGV0OeUu1aZj9rfLBM5mVd6UikQOH5abufsG30zM5hN4n9ZQA7GjIhfWUcTpqtCV+HfDURuR0k0SDB18GBNjC3birAdX0wbzW6jbSAkwVWbllqsiRdlmaBMIqHud1M0Bou6DhM49ppdPnCVPT32sokp9fCFg==" } }, "Authenticator": { "EType": "AES256_CTS_HMAC_SHA1_96", "KeyVersionNumber": null, "Cipher": "TthVcSyWtuo9m0bvUN3nq4wMSVRAun8N2TNTtDJRbiudgePOYC3ZTdg2kpZ7nGb/A5NcA/2yR1Wej5SnIQrmdVU9oE3yARrvis3ECE0pAq+dzdyJdYakM1lC5aRflnu9wVrRgLBhR/ADNmDU9OkhFpz8FnDXAoyJJ2WW4lEL+PU/8D1J5iq5Fl/Tia3Aqe/5KZS99pMfszY655xxsapIKN6PTLRSOonDJFEwGXSVHEJAwY7WJATE/q/D/fBALe1YfCQ/j6dIP9Eyvcsm19JLfjOggv7zZFCNpE43/uPxfujQ1WgDKWHoHG2Uad0102P1yuwFLxlAuk2Hdy2VmEebDNbo7njDr6TlV8H8zCBWtvrzFg9tcbzrqFK+vP+nf+icc/wsNnmC/Qm0B7jeySOGqoE+USd7PVkR92rUh+A8yHQBWbZ3SJY=" } } } }, "Request": null }, "Decrypted": { "EType": "AES256_CTS_HMAC_SHA1_96", "Authenticator": { "VersionNumber": 5, "Realm": "TEST.LOCAL", "CName": { "Realm": "TEST.LOCAL", "Names": [ "localadminuser" ], "NameType": "NT_PRINCIPAL" }, "Checksum": "oAUCAwCAA6EaBBgQAAAAEUfRcCMsHKcjcJCC/116ESIAAAA=", "CuSec": 22, "CTime": "2018-09-12T12:02:06+00:00", "Subkey": "tbqoj0Ruj7nxMhyHSbBHPI/JLtW4x/Q/1smwleTOykY=", "SequenceNumber": 1835517369, "Authorizations": [ { "Authorizations": [ { "AdType": 0, "AdData": null, "AdIfRelevant": 0, "PrivilegedAttributeCertificate": null, "Restriction": null }, { "AdType": 0, "AdData": null, "AdIfRelevant": 0, "PrivilegedAttributeCertificate": null, "Restriction": null } ] } ] }, "Ticket": { "TicketFlags": "EncryptedPreAuthentication, PreAuthenticated, Renewable, Forwardable", "EncryptionKey": "ac433p+DOB09vt1INpGwSa6WnCGvIPYslOwAVt0ju9Y=", "CRealm": "TEST.LOCAL", "CName": { "Realm": "TEST.LOCAL", "Names": [ "localadminuser" ], "NameType": "NT_PRINCIPAL" }, "Transited": [ { "Type": 1, "Contents": "" } ], "AuthTime": "2018-09-12T12:02:06+00:00", "StartTime": "2018-09-12T12:02:06+00:00", "EndTime": "2018-09-12T22:02:06+00:00", "RenewTill": "2018-09-19T12:02:06+00:00", "HostAddresses": 0, "AuthorizationData": { "Authorizations": [ { "AdType": 1, "AdData": null, "AdIfRelevant": 128, "PrivilegedAttributeCertificate": { "DecodingErrors": [], "Version": 0, "LogonInfo": { "LogonTime": "1601-01-01T00:06:57.3726223+00:00", "LogoffTime": "0001-01-01T00:00:00+00:00", "KickOffTime": "0001-01-01T00:00:00+00:00", "PwdLastChangeTime": "1601-01-01T00:03:36.9775832+00:00", "PwdCanChangeTime": "1601-01-01T00:04:48.1349537+00:00", "PwdMustChangeTime": "0001-01-01T00:00:00+00:00", "LogonCount": 144, "BadPasswordCount": 0, "UserName": "localadminuser", "UserDisplayName": "localadminuser", "LogonScript": "", "ProfilePath": "", "HomeDirectory": "", "HomeDrive": "", "ServerName": "DC2016", "DomainName": "TESTLOCAL", "UserSid": { "Attributes": 0, "Value": "S-1-5-21-3643611871-2386784019-710848469-1106" }, "GroupSid": { "Attributes": 0, "Value": "S-1-5-21-3643611871-2386784019-710848469-513" }, "GroupSids": [ { "Attributes": "SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED", "Value": "S-1-5-21-3643611871-2386784019-710848469-1108" }, { "Attributes": "SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED", "Value": "S-1-5-21-3643611871-2386784019-710848469-513" }, { "Attributes": "SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED", "Value": "S-1-5-21-3643611871-2386784019-710848469-1602" } ], "ExtraSids": [ { "Attributes": "SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED", "Value": "S-1-5-21-3643611871-2386784019-710848469-1" } ], "UserAccountControl": "ADS_UF_LOCKOUT, ADS_UF_NORMAL_ACCOUNT", "UserFlags": "LOGON_EXTRA_SIDS, LOGON_RESOURCE_GROUPS", "FailedILogonCount": 0, "LastFailedILogon": "1601-01-01T00:00:00+00:00", "LastSuccessfulILogon": "1601-01-01T00:00:00+00:00", "SubAuthStatus": 0, "ResourceDomainSid": { "Attributes": 0, "Value": "S-1-5-21-3643611871-2386784019-710848469" }, "ResourceGroups": [ { "Attributes": "SE_GROUP_MANDATORY, SE_GROUP_ENABLED_BY_DEFAULT, SE_GROUP_ENABLED, SE_GROUP_RESOURCE", "Value": "S-1-5-21-3643611871-2386784019-710848469-1601" } ], "DomainSid": { "Attributes": 0, "Value": "S-1-5-21-3643611871-2386784019-710848469" } }, "ServerSignature": { "Type": "HMAC_SHA1_96_AES256", "Signature": "JZHx7S/mwv/7L3mC", "RODCIdentifier": 0 }, "CredentialType": null, "KdcSignature": { "Type": "KERB_CHECKSUM_HMAC_MD5", "Signature": "B8l8PbOGplH4cnrk8n9xHA==", "RODCIdentifier": 0 }, "ClientClaims": null, "DeviceClaims": null, "ClientInformation": { "ClientId": "1601-01-01T00:03:05.435688+00:00", "Name": "localadminuser" }, "UpnDomainInformation": { "Upn": "localadminuser@test.local", "Domain": "TEST.LOCAL", "Flags": 0 } }, "Restriction": null }, { "AdType": 1, "AdData": null, "AdIfRelevant": 141, "PrivilegedAttributeCertificate": null, "Restriction": { "Type": 0, "Restriction": { "Flags": "Restricted", "TokenIntegrityLevel": "Medium", "MachineId": "F5EFs8QQf+tJlK3PGhKcwue7Xmq8yUBm4sK0v9sYRXY=" } } } ] } }, "Skew": "00:05:00" }